How to upgrade Mikrotik hAP with new software using PXE Netinstall 🔨

Leave a Comment / Miscellaneous

I have the pleasure to maintain 🔨 update and upgrade my farm of Mikrotik Routerboard Home Access Points hAP Lite now and then. I often do this in order to make cold reboot or to make sure the firmware and RouterOS is latest clean version hence less vulnerable.

To carry this out rapidly, reliable and safe I over the years have tried several different ways and being completely novice to the fantastic Mikrotik world it can be a pain sometimes, particular if Netboot does connect haP and the Windows PC together.

But after some years learning by doing and written my best experience down my home brewed method I like to share and it seems to work in a hurry.

Prerequisites:

  • PC with IP-network port using Windows 10/11
  • Ethernet cable ca 5e and above goes fine
  • Your Mikrotik hAP (Lite). Others boxes might goes fine too but never tried as.

Tools  /software:

  • Mikrotik NetInstall
  • Mikrotik Winbox
  • Latest downloaded version of RouterOs (routeros-X.X-smips.npk)
  • 1 LAN cable
    The Mikrotik software have to corresponds in version number. It might work with different numbers but lot easier to make fit later on when it does. E.g. version 7.41 in netinstall must also be ver, 7.41 in RouterOs.

To do this upgrade my Mikrotik Routerboard hAP is handle over five strokes:

  1. Dismantle current setup
  2. Make temporary mikro-LAN
  3. Upgrade software
  4. Update settings – harden your box
  5. Reinstall to normal

 

As you need to make a very open local network we need security. I will guide you:

Dismantle and prepare

  1. Backup your Mikrotik haP using Winbox or its internal web page on htttp://192.168.88.1 (I don’t use that as I switch it off due to security) assuming you use the factory default IP;  otherwise use your own.
  2. Save the file on you PC. In a moment all is gone to the eternity of the electrons graveyard.
  3. Take out  all cables of your hAp and your PC.


    Make temporary LAN

  4. Set your windows PC / laptop on “Flight Mode” blocking ALL wireless connections. You should now have no internet connections nor IP connections to anything else. A stand alone PC is what you want.
    If your have Virtual PC. this is not the right PC as its makes troubles on the pxe-network later on. NO virtual Switches (from hyper-V) either.
  5. Go to Firewall settings and disable everything as in everything (We restore it later). Your want full access for all apps and ports.
  6. Start CMD, Do: ipconfig /release
    Then: ipconfig /flushdns
  7. On the PC go to Control Panel -> Network -> Network and Sharing -> Wired Network -> Change the IP address to static, add
    Ip: 192.168.88.20
    Sub: /24 (or 255.255.255.0)
    DNS: 192.168.88.1
  8. Some times a reboot is needed now.
  9. Connect a LAN cable between you PC and Mikrotik hAP port 0 (sometimes called “1”), the Internet and now use special pxe boot port.

     

    Mikrotik Netinstall Photo: Jes Saxe (c)
    Mikrotik Netinstall Photo: Jes Saxe (c)

    Upgrade software

  10. Start NETINSTALL. Add check mark for PXE Booting.
    Add ip something like 192.168.88.30. It shall not be the same as the PC or other IP in use here as the hAP will never show up in the list when you poot it as PXE .
  11. Switch OFF your hAP by cutting the power.
  12. Press the physical reset switch with a small stick like a mini screwdriver or similar. (A pencil might brake over). You can feel til resistance as its “click” to the bottom.
  13. Hold the switch in for 16 seconds, until the light goes out.
  14. Now you hAP should show up in the list of avilble units.
  15. Now install new firmware. I use to keep the standard settings.
  16. When its finished hAP need to find itself and reboots.
    Update settings – harden your box
  17. Move the LAN cable to anotor port on hAP. Any other goes.
  18. Start WINBOX connect to 192. 168.88.1.
  19. N0w configure and harden your box:
  20. First: Add a password for login for this node.
    You might be logout out. Login in agian
  21. In system choose NTP server of your preference. You can use mine on ntp.showfoto.eu in lack of better.
  22. In system remove all not needed services
  23. In firewall remove not need services.  More less your only want Winbox.
  24. Depending of your use of the hAP: change /add password for WiFi, Change Wifi to your preferred.
  25. Change other settings. (Personally I switch off IPv6).
  26. Or, you might have a back up to restores.
  27. When configuration is done, go to hap Menu -> system -> shutdown hAP.
    Reinstall to normal and keeping high security
  28. On your PC,
    Close Mikrotik Software for now.
    Take out the LAN cable.
    If you need the wired connection go to network and change it to DHCP. Otherwise you may leave it static. No ham done, just remember it to one day you cant connect on the wire.  If you use wired fices IP change it back to your preferred settings.
  29. Go to Firewall -> reset to standard settings. Pay attention to fileshare as this might need to be changes on Private network to allow Fileshare.
  30. Disable Flight Mode and allow Wifi.
  31. Reboot might be needed.
    PC Should be back to normal safe settings with strong firewall.
  32. On hAP:
  33. Connect some Internet WAN on port 0 (OR 1 depending of which is the lowest number).
  34. Add other LAN cable to the other ports on Routerboard, if any.
  35. Add power socket and boot your hAP.
  36. Now all should be fine again and you should have WiFi if you use the box for that.
    haP work is done.
  37. On your PC, Start Winbox and login to your hAP and make a control to conform the trajectory of your work has delivered your preferred result.

That’s it. hAPpy Routing 🙂

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

one + twenty =

indiana jez